創(chuàng)新互聯(lián)服務項目包括灞橋網(wǎng)站建設、灞橋網(wǎng)站制作、灞橋網(wǎng)頁制作以及灞橋網(wǎng)絡營銷策劃等。多年來，我們專注于互聯(lián)網(wǎng)行業(yè)，利用自身積累的技術優(yōu)勢、行業(yè)經(jīng)驗、深度合作伙伴關系等，向廣大中小型企業(yè)、政府機構等提供互聯(lián)網(wǎng)行業(yè)的解決方案，灞橋網(wǎng)站推廣取得了明顯的社會效益與經(jīng)濟效益。目前，我們服務的客戶以成都為中心已經(jīng)輻射到灞橋省份的部分城市，未來相信會繼續(xù)擴大服務區(qū)域并繼續(xù)獲得客戶的支持與信任！

實驗：

            1.思路：數(shù)據(jù)包的走向

            2.要求：vlan互通，VRRP 內(nèi)網(wǎng)pat訪問外網(wǎng)，發(fā)布web服務器供外網(wǎng)訪問，

      

   讓sw1作根交換機

   1.配置sw10  創(chuàng)建vlan10 20 100

             1端口加入vlan10   2和3端口為trunk模式

             

     2.配置sw20  創(chuàng)建vlan10 20  40 100

             1端口加入vlan100   3端口加入vlan40  2和4端口為trunk模式

             

             配置vlanif 10  ip：192.168.10.254 24

                 vlanif20  ip：192.168.20.254 24

                 vlanif40  ip：192.168.40.1 24

                 vlanif100 ip：192.168.100.254 24

             

   3.配置sw30  創(chuàng)建vlan10 20 50 100

             1端口加入vlan20   3端口加入vlan50   2和4端口為trunk模式

             

             配置vlanif 10  ip：192.168.10.253 24

                vlanif20  ip：192.168.20.253 24

                vlanif50  ip：192.168.50.1 24

                vlanif100 ip：192.168.100.253 24

             

   4.配置sw20  配置 vlan1的vrrp

            vrrp vrid 10 virtual-ip 192.168.10.250

                  vrrp vrid 10 priority150

                  vrrp vrid 10 track interface g0/0/3 reduce 80

               vrrp vrid 10 track interface g0/0/2 reduce 80

               配置 vlan100的vrrp

                  vrrp vrid 100 virtual-ip 192.168.100.250

                  vrrp vrid 100 priority150

                  vrrp vrid 100 track interface g0/0/3 reduce 80

                  vrrp vrid 100 track interface g0/0/2 reduce 80

             配置 vlan20的vrrp

                 vrrp vrid 20 virtual-ip 192.168.20.250

              

     5.配置sw30  配置 vlan10的vrrp

                 vrrp vrid 10 virtual-ip 192.168.20.250

               配置 vlan20的vrrp

            vrrp vrid 20 virtual-ip 192.168.20.250

                  vrrp vrid 20priority150

                  vrrp vrid 20 track interface g0/0/3 reduce 80

                vrrp vrid 20 track interface g0/0/2 reduce 80

             配置 vlan100的vrrp

                  vrrp vrid 100 virtual-ip 192.168.100.250

             

   6.配置sw20  配置rip

               rip

               version2

               network 192.168.10.0

               network 192.168.100.0

               network 192.168.20.0

               network 192.168.40.0

             靜態(tài)浮動路由

               ip route-static 0.0.0.0 0.0.0.0 192.168.40.254

             

7.配置sw30 配置rip

               rip

               version2

               network 192.168.10.0

               network 192.168.20.0

                  network 192.168.50.0

               network 192.168.100.0

               靜態(tài)浮動路由

               ip route-static 0.0.0.0 0.0.0.0 192.168.50.254

            

  8.配置防火墻

             interface g0

             nameif  inside1

             no shutdown

             ip address 192.168.40.254 255.255.255.0

             security-level 100

             interface g1

             nameif  inside2

             no shutdown

             ip address 192.168.50.254 255.255.255.0

             security-level 90

               interface g2

             nameif  outside

             no shutdown

             ip address 200.8.8.1 255.255.255.252

             security-level 0

              

          配置默認路由

             route inside1 192.168.10.0 255.255.255.0 192.168.40.1

             route inside1 192.168.100.0 255.255.255.0 192.168.40.1

             route inside2 192.168.20.0 255.255.255.0 192.168.50.1

                  route outside 200.1.1.0 255.255.255.0 200.8.8.2

             

          備份

             route inside2 192.168.1.0 255.255.255.0 192.168.50.2

             route inside2 192.168.100.0 255.255.255.0 192.168.50.2

             route inside2 192.168.2.0 255.255.255.0 192.168.50.2

     9.配置AR1

          配置0端口ip：200.1.1.254 24

              1端口ip：200.8.8.2 255.255.255.252

          配置靜態(tài)浮動路由

               ip route-static 0.0.0.0 0.0.0.0 200.8.8.1

           

     10.在防火墻上配置靜態(tài)NAT

          object network ob-in1

          subnet 192.168.10.0 255.255.255.0

          nat （inside1，outside）dynamic 119.1.1.1

         object network ob-in2

          subnet 192.168.20.0 255.255.255.0

          nat （inside2，outside）dynamic 119.1.1.2

           

 此時client1和clent2 都可訪問公網(wǎng)ftp 并抓包查看 內(nèi)網(wǎng)地址已轉化

           

          配置動態(tài)PAT  使公網(wǎng)訪問內(nèi)網(wǎng)

          object network ob-out

          host 119.1.1.3

          object network outside

          host 200.1.1.1

          nat （outside，inside1）static ob-out service tcp 80 80

           

          配置ACL

          access-list out-to-ins permit tcp any object inside1 eq http

          access-group out-to-ins in interface outside

另外有需要云服務器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務器15元起步，三天無理由+7*72小時售后在線，公司持有idc許可證，提供“云服務器、裸金屬服務器、高防服務器、香港服務器、美國服務器、虛擬主機、免備案服務器”等云主機租用服務以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡單易用、服務可用性高、性價比高”等特點與優(yōu)勢，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應用場景需求。

分享名稱：防火墻FirewallsASA-創(chuàng)新互聯(lián)
當前URL：http://weahome.cn/article/ceseed.html